CVE-2022-2213 – SourceCodester Library Management System cross site scripting
https://notcve.org/view.php?id=CVE-2022-2213
A vulnerability was found in SourceCodester Library Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_admin_details.php?id=admin. The manipulation of the argument Name leads to cross-site scripting.
• References: https://github.com/CyberThoth/CVE/blob/main/CVE/Library%20Management%20System%20with%20QR%20code%20Attendance/Cross%20Site%20Scripting%28Stored%29/POC.md https://vuldb.com/?id.202759
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-2212 – SourceCodester Library Management System /card/index.php unrestricted upload
https://notcve.org/view.php?id=CVE-2022-2212
A vulnerability was found in SourceCodester Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the component /card/index.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely.
• References: https://github.com/CyberThoth/CVE/blob/main/CVE/Library%20Management%20System%20with%20QR%20code%20Attendance/File_Upload/POC.md https://vuldb.com/?id.202758
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2020-28073 – Library Management System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2020-28073
SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system. Library Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
• References: http://packetstormsecurity.com/files/160606/Library-Management-System-1.0-SQL-Injection.html https://www.sourcecodester.com/php/14545/online-library-management-system-phpmysqli-full-source-code-2020.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-28130
https://notcve.org/view.php?id=CVE-2020-28130
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).
• References: https://www.exploit-db.com/exploits/48928 https://www.sourcecodester.com/php/14545/online-library-management-system-phpmysqli-full-source-code-2020.html
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2020-25515
https://notcve.org/view.php?id=CVE-2020-25515
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book, http://<site>/lms/index.php?page=books.
• References: https://github.com/Ko-kn3t/CVE-2020-25515 http://simple.com https://www.sourcecodester.com
• CWE-434: Unrestricted Upload of File with Dangerous Type